Again news about security issues related to encryption causes quite a stir. This time the vulnerability was found in Microsoft’s Secure Channel (Schannel) component and affects nearly every Microsoft Windows Server and desktop operating system as well as applications that are using the cryptographic functions provided by the operating system. Also the .NET Framework is affected, thus all user of our MailStore products are indirectly affected by this vulnerability as well.
Microsoft themselves writes in their security bulletin MS14-066 that it is possible for an attacker to execute arbitrary code by sending specially crafted data to the server. Hence the vulnerability has been rated as critical by Microsoft.
Therefore we recommend administrators to install the updates provided two days ago as soon as possible. As a positive side effect on system where the updates have been installed, support for additional, stronger TLS Cipher Suites is available. Respectively the article „Enhancing SSL Security“ (of MailStore Server) and „Enhancing SSL Security“ (of the MailStore Service Provider Edition) have been updated.